Top 305 bugbounty open source projects

All about bug bounty (bypasses, payloads, and etc)

Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.

🎯 SQL Injection Payload List

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

Multi Tool Subdomain Enumeration

🎯 Command Injection Payload List

Collection of misc IT Security related whitepapers, presentations, slides - hacking, bug bounty, web application security, XSS, CSRF, SQLi

A Powerful Subdomain Takeover Tool

Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.

A collection of awesome one-liner scripts especially for bug bounty tips.

A big list of Android Hackerone disclosed reports and other resources.

Powerfull XSS Scanning and Parameter analysis tool&gem

Making Favicon.ico based Recon Great again !

Automated Red Team Infrastructure deployement using Docker

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

This repo is about @harshbothra_ 365 days of learning Tweet & Mindmap collection

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

Top disclosed reports from HackerOne

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Intelligence tool but without API key

For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙

Generates combination of domain names from the provided input.

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

OneForAll是一款功能强大的子域收集工具

Some files for bruteforcing certain things.

OSINT

平常看到好的渗透hacking工具和多领域效率工具的集合

A fast DOM based XSS vulnerability scanner with simplicity.

Hetty is an HTTP toolkit for security research.

A list of interesting payloads, tips and tricks for bug bounty hunters.

🎯 XML External Entity (XXE) Injection Payload List

A MongoDB importer and API for Project Sonars DNS datasets

The fastest dork scanner written in Go.

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

Automation for javascript recon in bug bounty.

Subdomain takeover vulnerability checker

Fully automated offensive security framework for reconnaissance and vulnerability scanning

An automated approach to performing recon for bug bounty hunting and penetration testing.

An automated target reconnaissance pipeline.

CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.

This repository created for personal use and added tools from my latest blog post.

Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]

Awesome cloud enumerator

PHP Security Check List [ EN ] 🌋 ☣️

Pentest/BugBounty progress control with scanning modules

Automated All-in-One OS Command Injection Exploitation Tool.

Web path scanner

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

Good resources about web security that I have read.

Extract server and IP address information from Browser SSRF

A python tool to check subdomain takeover vulnerability

Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

Flutter Reverse Engineering Framework

Security tool to quickly audit Public Box files and folders.

List of bug bounty and coordinated vulnerability disclosure programs of companies/organisations in Switzerland